So... Quick brief.
We had an Open Directory running on 10.6 Servers which was (still is) utterly rubbish.
Also because it's impossible to upgrade 10.6 OD to something more reliable and up to date we have made a decision to rethink all the process in total.

Decision was made to go with Active Directory instead (also because we are moving to Office 365 at some point).

Latest Xserve running Yosemite + Server app 4.1 (I know, it's old... But this is the last machine made by Apple which I'm ready to call a Server + I need FC HBA to get our storage attached)

And Xserve is bound to AD.

Issues:
Groups. When a group is used in file sharing - all fine, AD group members are able to connect to the shares etc. But for example I've set up a protected website to be accessed by a particular group and guess what - it doesn't work. Tried different sites, no success. Tried reinstalling OS X Server - same. Tried a spare Mini Server - nope.
Also, sometimes when I open a group the members section is empty but users can still connect to the shares from within the group.

Is it an AD issue? A Yosemite bug? Or should I do the good old "golden triangle" setup (I would prefer not to, I'm just not looking forward to managing 2x directory services...)?

Thanks.

Regards,
Kr15

Not sure, but you would probably benefit from doing a clean install of both Windows Server 2008 R2 and OS X 10.10 on independent machines that aren't in production. That will give you the definite answer to your question.

I agree with the previous post. We switched to a Synology for about 50 users last year and haven't had any problems with it. I had one at home before we got one here and that one works great too. I am Apple Certified for OS X Server 10.8 to 10.10 and think it makes a pretty lousy file server.

You will need to use the Golden Triangle, but it won't be as terrible as you fear...

All of the authentication for OS X Server services (such as the Websites service, Profile Manager (aka, another website), file sharing, mail, etc.) is processed by Open Directory or the local user directory. But you need to use Open Directory in order to relay requests to/authenticate against AD.

You should not need to replicate your Active Directory users and groups inside Open Directory. Simply set up your Xserve as an OD master, and then bind the Xserve to your AD domain. Your Xserve should then be able to process login requests for AD users, even if the AD user object does not exist inside OD.

When configuring permissions to OS X Server services, you should be able to see AD users and groups in the permissions sheets in the GUI.
